Date: Fri, 24 Sep 1999 17:02:25 +0300 (EEST) From: Adrian Penisoara <ady@freebsd.ady.ro> To: "Charles M. Hannum" <root@IHACK.NET> Cc: BUGTRAQ@SECURITYFOCUS.COM, freebsd-security@FreeBSD.org Subject: Re: FreeBSD-specific denial of service Message-ID: <Pine.BSF.4.10.9909241652530.35644-100000@ady.warpnet.ro> In-Reply-To: <199909211950.PAA09009@bill-the-cat.mit.edu>
index | next in thread | previous in thread | raw e-mail
Hi, On Tue, 21 Sep 1999, Charles M. Hannum wrote: > [Resending once, since it's been 10.5 days...] > > Here's an interesting denial-of-service attack against FreeBSD >=3.0 > systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no > way to purge entries unless the `vnode' (e.g. the file) they point to > is removed from memory -- which generally doesn't happen unless a > certain magic number of `vnodes' is in use, and never happens when the > `vnode' (i.e. file) is open. Thus it's possible to chew up an > arbitrary amount of wired kernel memory relatively simply. > Seems to be fixed in CVS version 1.38.2.3 of vfs_cache.c for RELENG_3 branch (meaning 3.3-STABLE) -- could you please check again ? Commit log: Limit aliases to a vnode in the namecache to a sysctl tunable 'vfs.cache.maxaliases'. This protects against a DoS via thousands of hardlinks to a file wiring down all kernel memory. Ady (@freebsd.ady.ro) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the messagehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9909241652530.35644-100000>